

DKIM is the second authentication method that helps verify that mail sent from your Office 365 tenant is legitimate. Together with SPF and DMARC, this prevents attackers from spoofing your emails.

Where SPF is required to send email from Office 365, configuring DKIM is recommended (together with DMARC). When you have more than one custom domain in Office 365, you really should configure DKIM, because the built-in DKIM configuration in Office 365 is then insufficient.

In this article, we are going to add the appropriate records to our DNS hosting provider and configure DKIM in Office 365. We will also look at configuring DKIM for domains that don’t send emails, and I have a couple of small PowerShell scripts for you when you need to configure it for multiple domains.

domain, then you don’t need to configure DKIM in Office 365. Also, when you have only one custom domain, configuring DKIM is not required. Microsoft 365 uses its default policy and a 2048-bit public DKIM key for your domain if you don’t enable it yourself.

But when you have more than one custom domain, or also intend to configure DMARC (recommended), then you will need to manually set up DKIM in Office 365.

To configure DKIM we need to have access to the DNS records. Keep in mind that it can take some time (from a couple of minutes to 24 hours) until the DNS changes are processed.

Note: You will need to follow the steps below for every domain that you want to enable DKIM for in your tenant.

I am using Cloudflare as a DNS hosting provider, which I will be showing in the screenshots below. If you don’t know how to change your DNS records, then contact your hosting provider to assist you.

We are first going to create the DKIM keys in the Microsoft 365 security center. Even though they all have the same format, this will make it easier to copy and paste the correct DNS record values.

If you don’t see the option Create DKIM Keys, then just go to the next step.

1. Select the domain that you are sending mail from

All the DKIM keys have the same format. In the example below you can replace contoso-com with your domain name and with your domain.

We can now create the appropriate DNS records.

– Navigate to your DNS records management

We will need to create the two CNAME records.

– Enter the name and value of the DKIM key

Repeat it for the second DKIM record (just change the 1 into 2).

Depending on your DNS hosting provider we will now need to wait a couple of minutes or maybe even a day. (Not all DNS providers are fast with updating DNS records.)

Go back to the Security Admin Center and enable DKIM for your domain

2. Enable “Sign messages for this domain with DKIM signatures”

If you get an error that the CNAME records are not found, then just wait a bit longer. If you then still get the error, then double-check the CNAME record's name and value.

It’s always a good idea to verify the DNS record configuration. A great site for this is but we can also use the Microsoft help in the Admin center for this. The test takes a couple of seconds to complete. When it’s successful you will see the following result for your domain:

(Image: DKIM Test)

Protecting Domains that don’t send mail

If you have domains that don’t send mail, then it’s a good idea to protect those as well. This may sound strange, but these domains can still be used for spoofing and phishing attacks. You can also do this for subdomains that don’t send emails.

By creating a simple DNS TXT record we can tell the receiving mail systems that mail from this domain is invalid and should be rejected. We can use a TXT record for this with the following format:

    Value: v=DKIM1; p=

Using PowerShell to create and enable DKIM

When you need to enable DKIM for multiple domains in your tenant, then it might be useful to use PowerShell. With PowerShell, we can create the DKIM records for all domains in your tenant and enable DKIM after you have created the CNAME records.

Make sure that you are connected to Exchange Online.

    # Connect to Exchange Online
    Connect-ExchangeOnline -UserPrincipalName

    # Get all domains in your tenant and create DKIM records
    Get-DkimSigningConfig -Identity $_.Name | Format-List Selector1CNAME, Selector2CNAME

You can also output it to a file:

    $file = "c:\temp\dkim.txt"
    Get-DkimSigningConfig -Identity $_.Name | Format-List Selector1CNAME, Selector2CNAME | Out-File $file -Append

Next you will need to create the CNAME records. After you have done that, and waited the appropriate amount of time, you can enable DKIM in Office 365 with the following PowerShell script:

    # Connect to Exchange Online
    Connect-ExchangeOnline -UserPrincipalName
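
The PowerShell steps from this article, combined into one script as an added example (not code from the original article): it creates the signing configuration for every accepted domain, checks that both selector CNAME records resolve to the values Exchange Online expects, and enables DKIM only for domains that pass. The `$AdminUpn` value is a placeholder, `Test-DkimCname` is a hypothetical helper, and `Resolve-DnsName` assumes the script runs on a Windows host.

```powershell
# Added example, not from the original article.
# Placeholder: replace with the UPN of an Exchange Online administrator.
$AdminUpn = '<admin-upn-placeholder>'
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

function Test-DkimCname {
    # Hypothetical helper: $true when $HostName has a CNAME pointing at $ExpectedTarget.
    param([string]$HostName, [string]$ExpectedTarget)
    $cname = Resolve-DnsName -Name $HostName -Type CNAME -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    if (-not $cname) { return $false }   # record not published (or not propagated) yet
    return $cname.NameHost.TrimEnd('.') -ieq $ExpectedTarget.TrimEnd('.')
}

foreach ($domain in Get-AcceptedDomain) {
    $name = $domain.Name   # same property the article's snippets use

    # Create the signing config in a disabled state if the domain has none yet,
    # so the CNAME values exist before signing is switched on.
    $config = Get-DkimSigningConfig -Identity $name -ErrorAction SilentlyContinue
    if (-not $config) {
        New-DkimSigningConfig -DomainName $name -Enabled $false | Out-Null
        $config = Get-DkimSigningConfig -Identity $name
    }
    if ($config.Enabled) { continue }    # already signing, nothing to do

    # Host name of each selector record mapped to the target it must point at.
    $expected = @{
        "selector1._domainkey.$name" = $config.Selector1CNAME
        "selector2._domainkey.$name" = $config.Selector2CNAME
    }

    # Collect selectors whose CNAME is missing or points somewhere else.
    $missing = $expected.GetEnumerator() |
        Where-Object { -not (Test-DkimCname -HostName $_.Key -ExpectedTarget $_.Value) }

    if ($missing) {
        # Leave DKIM disabled and report exactly which record to create or fix.
        $missing | ForEach-Object { Write-Warning "$($_.Key) should be a CNAME to $($_.Value)" }
        continue
    }

    Set-DkimSigningConfig -Identity $name -Enabled $true
    Write-Output "DKIM signing enabled for $name"
}
```

Domains that are skipped with a warning can be retried by running the script again once the DNS changes have propagated.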
